@article{Witzleb2018,
title = {When is Personal Data 'About' or 'Relating To' an Individual? A Comparison of Australian, Canadian and EU Data Protection and Privacy Laws},
author = {Normann Witzleb and Julian Wagner},
url = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3189376},
isbn = {2368-4038},
year = {2018},
date = {2018-09-01},
journal = {Canadian Journal of Comparative and Contemporary Law},
volume = {4},
number = {1},
pages = {293-329},
abstract = {The definition of “personal information” or “personal data” is foundational to the application of data protection laws. One aspect of these definitions is that the information must be linked to an identifiable individual, which is incorporated in the requirement that the information must be “about” or “relating to” an individual. This article examines this requirement in light of recent judicial and legislative developments in Australia, Canada and the European Union. In particular, it contrasts the decisions rendered by the Federal Court of Australia in Privacy Commissioner v Telstra Corporation Ltd and by the European Court of Justice decisions in Scarlet Extended and Patrick Breyer v Bundesrepublik Deutschland as well as the new General Data Protection Regulation with Canadian law. This article also compares how the three jurisdictions deal with the vexed issue of IP addresses as personal information where the connection between the IP address and a particular individual often raises particular problems. },
keywords = {Australian law, Datenschutzrecht, DSGVO, EUGH, Europarecht, ip address},
pubstate = {published},
tppubtype = {article}
}

The definition of “personal information” or “personal data” is foundational to the application of data protection laws. One aspect of these definitions is that the information must be linked to an identifiable individual, which is incorporated in the requirement that the information must be “about” or “relating to” an individual. This article examines this requirement in light of recent judicial and legislative developments in Australia, Canada and the European Union. In particular, it contrasts the decisions rendered by the Federal Court of Australia in Privacy Commissioner v Telstra Corporation Ltd and by the European Court of Justice decisions in Scarlet Extended and Patrick Breyer v Bundesrepublik Deutschland as well as the new General Data Protection Regulation with Canadian law. This article also compares how the three jurisdictions deal with the vexed issue of IP addresses as personal information where the connection between the IP address and a particular individual often raises particular problems.

@article{Wagner2017c,
title = {‘Personal Information’ in the Australian Privacy Act and the Classification of IP Addresses},
author = {Julian Wagner and Normann Witzleb},
url = {https://edpl.lexxion.eu/article/EDPL/2017/4/17},
doi = {10.21552/edpl/2017/4/17},
issn = {2364-2831},
year = {2017},
date = {2017-12-14},
journal = {European Data Protection Law Review (EDPL)},
pages = {528-533},
abstract = {The Federal Court of Australia recently examined the Australian definition of ‘personal information’. It held that the information, in addition to identifying an individual, needs to have that identified or identifiable individual as its ‘subject-matter’. One consequence of this decision is that it may exclude metadata such as IP addresses or other technical data from the scope of application of Australia’s data privacy regime. This decision contrasts with recent European jurisprudence and may deepen the existing gap between Europe’s and Australia’s privacy legislation.},
keywords = {Australian law, common law, Datenschutzrecht, Europarecht, ip address, personal information, Rechtsvergleichung, Technikrecht},
pubstate = {published},
tppubtype = {article}
}

The Federal Court of Australia recently examined the Australian definition of ‘personal information’. It held that the information, in addition to identifying an individual, needs to have that identified or identifiable individual as its ‘subject-matter’. One consequence of this decision is that it may exclude metadata such as IP addresses or other technical data from the scope of application of Australia’s data privacy regime. This decision contrasts with recent European jurisprudence and may deepen the existing gap between Europe’s and Australia’s privacy legislation.